The use of remote computing services, such as remote program execution and remote data storage, has greatly increased in recent years. Customers may reduce expenses and overhead by purchasing these services from a computing resource service provider (also referred to as a service provider). Customer applications may be distributed over multiple virtual machine instances and computing systems. The virtual machine instances may be controlled by a hypervisor operating on a computing system. The hypervisor may provide secure partitioning of computer system resources by executing multiple virtual machine instances on a single physical host machine. Various components of the hypervisor may require privileged access to the physical host machine in order to provide effective administration of the virtual machine instances. Although reasonable precautions may be taken when developing hypervisors, reducing the risk of attacks on the hypervisor is a complex endeavor, typically requiring considerable skill and resources.
Operating systems and applications, including virtualized operating systems and applications, use data obfuscation techniques to implement secure channels and trust zones for secure application execution. A variety of cryptographic techniques may be used to implement secure channels and trust zones, such as encrypting sensitive data at rest in persistent storage or encrypting communications over an unsecured public network. Generally, during application execution, cryptographic keys and other sensitive information used by the application may be stored in memory without any protection. In a virtualized environment supported by a hypervisor, the application's security is typically limited to the security features provided by the guest operating system. Furthermore, physical hardware may be shared across multiple operating systems when the operating systems run in a virtualized environment.